[wp-trac] [WordPress Trac] #37548: wp_mail can result in improperly formatted domain when using default 'from' address

Tue Aug 2 21:28:56 UTC 2016

#37548: wp_mail can result in improperly formatted domain when using default 'from'
address
--------------------------+-----------------------------
 Reporter:  cklosows      |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Mail          |    Version:  trunk
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 As it stands the `wp_mail` function has a method to fall back onto
 `wordpress at example.org` (replace example.org with the sites domain) when
 no 'From' email address is provided, however the use of
 `$_SERVER['SERVER_NAME']` can result in an invalid domain being used,
 causing a fatal error when performing actions like creating a new site in
 Multisite.

 For instance, in my local development with nginx the
 `$_SERVER['SERVER_NAME']` is being reported as `~^(.*).edd\\.dev$` when
 requested, in order to handle some multisite configurations.

 Since this super global can be configured differently in different
 environments, it should be sanitized or checked before trying to use it.
 There have been some tickets in the past that have raised concerns here
 and I'm not opposed to the SERVER_NAME approach, but there should be a
 fallback if that is not a valid option. Locally I have the following added
 (I can work up a patch later if anyone is interested):

 {{{
 if ( ! filter_var( $sitename, FILTER_VALIDATE_URL ) ) {
         $sitename = preg_replace( '#^http(s)?://#', '', get_home_url() );
 }
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37548>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform